提交 8cc31116 编写于 作者: A Andrzej Hajda 提交者: Rafael J. Wysocki

PM / OPP: fix off-by-one bug in dev_pm_opp_get_max_volt_latency loop

Reading array at given index before checking if index is valid results in
illegal memory access.

The bug was detected using KASAN framework.
Signed-off-by: NAndrzej Hajda <a.hajda@samsung.com>
Acked-by: NViresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: NRafael J. Wysocki <rafael.j.wysocki@intel.com>
上级 0764c604
......@@ -231,7 +231,8 @@ unsigned long dev_pm_opp_get_max_volt_latency(struct device *dev)
* The caller needs to ensure that opp_table (and hence the regulator)
* isn't freed, while we are executing this routine.
*/
for (i = 0; reg = regulators[i], i < count; i++) {
for (i = 0; i < count; i++) {
reg = regulators[i];
ret = regulator_set_voltage_time(reg, uV[i].min, uV[i].max);
if (ret > 0)
latency_ns += ret * 1000;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册